Debian-LTS alert DLA-174-1 (tcpdump) [LWN.net]


From:
    	       Raphael Hertzog <hertzog@debian.org> 
To:
    	       debian-lts-announce@lists.debian.org 
Subject:
    	       [SECURITY] [DLA 174-1] tcpdump security update 
Date:
    	       Tue, 17 Mar 2015 10:57:43 +0100
Message-ID:
    	       <20150317095743.GA26128@home.ouaza.com>
Package        : tcpdump
Version        : tcpdump_4.1.1-1+deb6u2
CVE ID         : CVE-2015-0261 CVE-2015-2154 CVE-2015-2155

Several issues have been discovered with tcpdump in the way it
handled some printer protocols. Those issues can lead to denial
of service, or, potentially, execution of arbitrary code.

CVE-2015-0261

    Missing bounds checks in IPv6 Mobility printer

CVE-2015-2154

    Missing bounds checks in ISOCLNS printer

CVE-2015-2155

    Missing bounds checks in ForCES printer


Thanks to Romain Françoise who prepared this update.
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

From:		Raphael Hertzog <hertzog@debian.org>
To:		debian-lts-announce@lists.debian.org
Subject:		[SECURITY] [DLA 174-1] tcpdump security update
Date:		Tue, 17 Mar 2015 10:57:43 +0100
Message-ID:		<20150317095743.GA26128@home.ouaza.com>